I was bored tonight and i remember using invisionboards message board on my site before. Once of the exploits with it was the phpinfo.php file. All you had to do was go to that file and it would give someone just about anything they need. Me being my curious self just typed in "phpinfo.php" on google and up popped 14,000 files.

gives paths, server info, and all the configuration settings. I didn't go any further (yet) with this but isn't that a little unsecure? I'm not that good with message board stuff, it just caught my eye.

Anybody got some info or feedback to go along with this? I'de be interested to see what some of you have to say about it.

if you had an exploit to get into the system, then yes, that script can give you a lot of useful information that may help in how you should use whatever exploit you have. But, that info in itself doesn't enable you to exploit them.